On May 26, European Supervisory Authorities published a Discussion Paper on DORA proposing criteria for critical ICT third-party service providers (CTPPs) and fees levied on such providers.
ICT third-party service providers are critical to financial services operations, their stability and the integrity of financial systems. A large-scale failure to provide its services would have a significant and systemic impact on financial services.
The different proposed criteria relate to:
Impact on provision of financial services
Importance of financial entities
Critical or important function
Degree of substitutability
A third-party service provider that is designated as critical will pay oversight fees, to cover expenditures arising from the conduct of oversight tasks. The Discussion Paper proposes to clarify the scope of fees and estimated expenditures.
Responses to the discussion paper were requested by 23 June 2023.
DORA was adopted on November 22, 2022 and will apply from 17 January 2025 (read our previous piece here for more information).
Comments